nanog mailing list archives

Re: Stealth Blocking
From: "J.D. Falk" <jdfalk () cybernothing org>
Date: Fri, 25 May 2001 20:24:59 -0700


On 05/25/01, Shawn McMahon <smcmahon () eiv com> wrote:

> On Thu, May 24, 2001 at 05:49:54PM -0700, Roeland Meyer wrote:
>
>> Guys, there are more cases that may look like an open relay, but really
>> aren't.
>
> I don't see how you can have a false positive on an open relay test.  Either
> it allows you to send a test email through, or it doesn't.  If it does,
> it is by definition open.

        Usually, a false positive on a relay test can happen in one
        of two ways:

                1. you're downstream of the operators of the server 
                   that you're testing, and therefore are legitimately 
                   relaying through it (as you suggested), or

                2. you don't wait to see if the message comes back.

        Lemme expand on #2 just a bit.  Some mail servers will appear
        to accept all mail, and not send a 5xx response immediately.
        Some won't even generate a bounce message.  But they also won't
        forward the message on to its off-site recipient.  It'll just
        disappear into the bit bucket.  That's not an open relay, but
        most relay-tester scripts will just say "the message has been
        accepted, it must be open."

-- 
J.D. Falk                                                SILENCE IS FOO!
<jdfalk () cybernothing org>
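
Added example, not part of the original message: a Python sketch of verdict logic for a relay test that accounts for both false-positive cases described above. The `Probe` fields, verdict strings, 24-hour wait window and sample replies are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

REFUSED = "not open: refused during the SMTP session"
AUTHORIZED = "inconclusive: tester is a legitimate client of this server"
PENDING = "inconclusive: accepted, still waiting for delivery"
DISCARDED = "not shown open: accepted but never arrived off-site"
OPEN = "open relay: probe reached the off-site mailbox"

@dataclass
class Probe:                      # hypothetical record of one relay test
    replies: dict                 # SMTP command -> server reply line
    tester_is_downstream: bool    # tester is a customer of the operator
    hours_waited: float           # time since the server accepted the probe
    arrived_offsite: bool         # probe token seen in the off-site mailbox

def reply_code(line):
    """Extract the 3-digit code from a reply such as '250 2.1.5 Ok'."""
    m = re.match(r"(\d{3})(?:[ -]|$)", line)
    if not m:
        raise ValueError(f"not an SMTP reply: {line!r}")
    return int(m.group(1))

def classify(probe, wait_hours=24.0):
    """wait_hours is an assumed delivery window, not a value from the post."""
    # Any 4xx/5xx reply means the server did not take the message.
    if any(reply_code(r) >= 400 for r in probe.replies.values()):
        return REFUSED
    # Case 1: a downstream tester is allowed to relay, so success proves nothing.
    if probe.tester_is_downstream:
        return AUTHORIZED
    # Case 2: acceptance alone is not evidence; only off-site arrival is.
    if probe.arrived_offsite:
        return OPEN
    return PENDING if probe.hours_waited < wait_hours else DISCARDED

# Constructed sample results (not real servers or logs).
OK = {"RCPT": "250 2.1.5 Ok", "DATA": "250 2.0.0 Ok: queued"}
SAMPLES = {
    "rejects": Probe({"RCPT": "550 5.7.1 Relaying denied"}, False, 0, False),
    "downstream": Probe(OK, True, 1, True),
    "too_early": Probe(OK, False, 0.1, False),
    "bit_bucket": Probe(OK, False, 48, False),
    "open": Probe(OK, False, 2, True),
}

if __name__ == "__main__":
    for name, probe in SAMPLES.items():
        print(f"{name:11s} {classify(probe)}")
```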

